<?php
/*
 * code to flag user account as deleted
*/
session_start();
if(!isset($_SESSION['userid'])){
	header("location: ../login.php");
} else if(!$_SESSION['userRole']=='Admin'){
	header("location: ../home/home.php");
}else {


	include("../inc_files/utils/dbconnection.php");

	$userId = $mysqli->real_escape_string($_POST["userid"]);
	$query = "UPDATE staff SET Deleted = 1 WHERE UserID='{$userId}';";
	echo ($mysqli->query( $query ));

	//tidy up database connection
	$mysqli->close();
}

?>